This question is quite common. With the advent of the LGPD, many companies have implemented a series of personal data protection measures. However, considering how recent the LGPD is, there is still significant regulatory uncertainty about how it will be applied by the authorities.

What will the fines be like?

How has the Brazilian judiciary interpreted the law?

How will key points such as international data transfers and security incident reporting be regulated?

In this scenario, the question remains: “Is my Privacy and Personal Data Protection Program sufficient?”

Chenut has suggested and implemented for several of its clients an assessment to guarantee the maturity analysis of the implemented program. The analysis is divided into a documentary phase – with the aim of verifying that the company’s governance documentation complies with legal and regulatory requirements – and a field analysis – in which we interview employees from key areas to confirm the capillarity of the company’s personal data protection practices.

The results are quantified using Chenut’s own framework, developed by the Digital Law and Data Protection Team, a team recognized as a Notable Practice by Leaders League Brazil. To ensure an up-to-date view of the risks, appropriate to the current moment of application of the LGPD in Brazil, we considered the recent actions of supervisory and sanctioning bodies – from the ANPD to the Judiciary.

In this way, we meet the needs of companies, calculating the efficiency of the Privacy and Personal Data Protection Program and quantifying the risks to which it is currently subject. The final deliverable is the Maturity Analysis Report, documenting the efficiency of the data protection practices adopted. Where there is non-compliance, recommendations are issued.